使用与HTTP_X_FORWARDED_FOR类似的方法在laravel中获取用户IP地址 [英] Get User IP address in laravel with similar method to HTTP_X_FORWARDED_FOR
问题描述
我需要获取用户的IP地址".
I need to get my users IP address'.
我找到了这篇文章如何获取客户端IP在Laravel 5.1中显示地址?
上述文章使用了 Request :: ip();
但是,此方法返回我的服务器IP地址.据我从其他来源了解到,这是在站点为localhost时发生的-但是该站点是托管的,并且位于服务器上.
However, this method returns my servers IP address. From what I can understand from other sources, this happens when the site is localhost - but the site is hosted and is live on a server.
该站点可以在线运行,但它可能引用 localhost ,因为该站点可能位于其自己的服务器上(我没有服务器配置经验,无法知道这是正确的还是不是,只是一个猜测).
This site is live and online, but it might refer to localhost, as the site might be sitting on its own server (I dont have any experience in server config to know if this is true or not, just a guess).
当我连接到数据库主机时,我也使用 localhost 引用,而不是将 mysql.phpmyadmin.hosting.com 用作数据库主机.因此,我的猜测是, Request :: ip(); 返回服务器ip,因为该站点以某种方式位于localhost.
When I connect to the DB Host, I do so using localhost referencing as well, and not something like mysql.phpmyadmin.hosting.com as DB Host. Therefore, my guess is, that the Request::ip(); returns the server ip, because the site somehow is sitting localhost.
但是,如果我使用$ _SERVER ['HTTP_X_FORWARDED_FOR'];我得到正确的IP地址.
However, if I use $_SERVER['HTTP_X_FORWARDED_FOR']; I get the correct IP address.
现在我的最后一个问题是:这样安全吗?还有使用Laravel函数发出此请求的另一种方法吗?
Now to my final question: Is this safe to use? Is there another way to use a Laravel function to make this request?
据我了解,$ _ SERVER ['HTTP_X_FORWARDED_FOR'];根据如何获取客户端IP地址,可能会有安全漏洞在PHP中?.
From what I can understand, the $_SERVER['HTTP_X_FORWARDED_FOR']; can have security holes, according to How to get the client IP address in PHP?.
我可以安全地使用 $ _ SERVER ['HTTP_X_FORWARDED_FOR']; 而不用担心吗?如果没有,我还能采取什么其他方式来安全地获得用户的IP地址?
Can I use $_SERVER['HTTP_X_FORWARDED_FOR']; safely without worrying? If not, what other way could I go, to get the users IP address safely?
推荐答案
X-Forwarded-For 的风险在于用户可以自己创建标头,从而传递他们希望的任何IP
The risk with X-Forwarded-For is that a user could create the header themselves, and thus pass along any IP they wish.
解决方案是仅在 REMOTE_ADDR 是您的受信任代理的标头时信任标头.有一个 Laravel软件包,您可以执行此限制.
The solution is to only trust the header when REMOTE_ADDR is that of your trusted proxy. There's a Laravel package that lets you enforce this restriction.
这篇关于使用与HTTP_X_FORWARDED_FOR类似的方法在laravel中获取用户IP地址的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
